A strange problem about IPv6 TCP connection

I have a really weird problem. In short, everything works fine with IPv4, and ICMP and UDP for IPv6 are also fine; however, TCP for IPv6 can only "listen", but cannot establish a connection actively!

My workstation OS is Ubuntu 22.04 LTS, NIC is Intel I210. I have another working workstation with the exact same hardware connected to the same switch, so I think there should be no problem with the upstream network configuration.

Now let me elaborate on the problem I'm having. First, my NIC is able to obtain an IPv6 address and traceroute works fine, which means ICMP is working.

ifconfig traceroute6

Then, I used iperf to test the connectivity. As you can see, UDP works fine in both directions. (The faulty host address ends with "cac5".)

iperf UDP

But when testing TCP, I find that this workstation can only work as a server.

iperf TCP

I tried to capture packets on my NIC and found that when acting as a server, bidirectional data packets can be sent and received normally, but when acting as a client, iperf sent no packets to the destination address at all. I checked my routing table, but it seems to be OK. (Since ICMP and UDP are working, the routing table should be fine.)

routing table

I disabled ufw and my ip6tables look like this:

ip6tables

I also tried traceroute6 -S, which sends TCP SYN probes. No matter how far the destination address is, this command will only show one hop with a very short delay, and regardless of whether the destination port is open or not, the result will always show "open", which is obviously not normal.

traceroute6 -S

I'm really confused. Remote hosts can access this device over IPv6 without any problems, for example, I can log in through SSH, and there is no problem in sending commands and returning results, BUT, this device cannot access any external host using TCP over IPv6.

Really need an expert on this! Thanks a lot!

Update:

I found that the tap_soft interface is working normally. This is the SoftEther VPN I set up, which uses fc00:0:2ac:7af1::/64. After I connect to the VPN with my phone, the workstation and the phone are able to establish a TCP connection via IPv6. So I guess maybe there is something wrong with the configuration of the NIC?

Network Manager Conf

sysctl -a:

pastebin.com/kY6vSzxU

Doug Smythies
For your iptables, try 'sudo ip6tables -xvnL' and watch the packet counters as you attempt things, trying to learn how the packets traverse the tables. You could add debug logging rules also.
Mogician
Thanks a lot, I finally figured out that it was my NAT table that caused the problem.
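
The counter check suggested in the comments, narrowed to the nat table that turned out to be at fault, as an added example that is not part of the original thread. Locally initiated connections pass through the nat OUTPUT and POSTROUTING chains, so a rule there with a non-zero counter that can match TCP is the first thing to inspect. The function names `nat_hits` and `sample_ruleset` are hypothetical, and the ruleset is constructed; the thread never shows the actual rule.

```shell
#!/bin/sh
# Added diagnostic example, not code from the thread.
# Live use, as root:  ip6tables-save -c | nat_hits
# "ip6tables-save -c" prefixes every rule with [packets:bytes].

# Print "chain packets rule" for each nat-table rule that has matched
# traffic and can apply to TCP ("-p tcp", or no protocol match at all).
nat_hits() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # table header: nat, filter, ...
        table != "nat" || $2 != "-A" { next }      # keep only rules in nat
        {
            pkts = $1
            sub(/^\[/, "", pkts); sub(/:.*/, "", pkts)
            if (pkts + 0 == 0) next                # rule never matched a packet
            if ($0 ~ / -p / && $0 !~ / -p (tcp|6)( |$)/) next   # other protocol
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\] -A /, "", rule)
            print $3, pkts, substr(rule, length($3) + 2)
        }
    '
}

# Constructed sample input (assumption: NOT the poster's real ruleset).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [12:960]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [30:2400]
:POSTROUTING ACCEPT [30:2400]
[0:0] -A PREROUTING -p udp -m udp --dport 5353 -j REDIRECT --to-ports 5353
[57:4560] -A OUTPUT -p tcp -j REDIRECT --to-ports 12345
[9:720] -A POSTROUTING -o tap_soft -p udp -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [100:8000]
[40:3200] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
```

Running it before and after a failing TCP connection attempt and comparing the packet counts shows which nat rule the outgoing SYN is hitting.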